On 09/27/2010 08:26 PM, Rose, Greg wrote:

On 2010 Sep 24, at 12:47 , Steven Bellovin wrote:

Per
http://news.softpedia.com/news/New-Trojan-Steals-Digital-Certificates-157442.shtml
there's a new Trojan out there that looks for and steals Cert_*.p12
files -- certificates with private keys.  Since the private keys
are password-protected, it thoughtfully installs a keystroke logger
as well....

Ah, the irony of a trojan stealing something that, because of lack of
PKI, is essentially useless anyway...

While I agree with the sentiment on PKI, we should accept this evidence for what it is:

There exists at least one malware author who, as of recently, did not have a trusted root CA key.

Additionally, the Stuxnet trojan is using driver-signing certs pilfered from the legitimate parties the old-fashioned way. This suggests that even professional teams with probable state backing either lack that card or are saving it to play in the next round.

Is it possible that the current PKI isn't always the weakest link in the chain? Is it too valuable of a cake to ever eat? Or does it just leave too many footprints behind?

- Marsh

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [email protected]
